Home > Vulnerability Database > CVE-2025-65482

Mend.io Vulnerability Database

CVE-2025-65482

Good to know:

Date: January 19, 2026

An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file.

Severity Score

9.8

Related Resources (8)

Url: https://hackmd.io/@cuongnh/rkJPCgSy-l

Url: https://github.com/AT190510-Cuong/CVE-2025-65482-XXE-

Url: https://github.com/opensagres/xdocreport/commit/d9b90ae6c9489dc43f6427ec7b315cab34125332

Url: https://drive.google.com/drive/folders/1hUyCznpBN7ivo5krmyJ4OQc_q626Hy5q?usp=sharing

Url: https://hackmd.io/@cuongnh/r1B7B8fJ-g

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-65482

Url: https://github.com/opensagres/xdocreport

Url: https://www.mend.io/vulnerability-database/CVE-2025-65482

Severity Score

9.8

Weakness Type (CWE)

Improper Restriction of XML External Entity Reference

CWE-611

Top Fix

Upgrade Version

Upgrade to version fr.opensagres.xdocreport:fr.opensagres.xdocreport.document:2.0.4;https://github.com/opensagres/xdocreport.git - xdocreport-parent-2.0.4

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-65482

Good to know:

Date: January 19, 2026

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?